AOL YGPPDownload ActiveX Control Client-Side Buffer Overflow Vulnerabilities
Multiple vulnerabilities have been identified in AOL, which could be exploited by attackers to take complete control of an affected system.



The first issue is due to a buffer overflow error in the YGPPDownload ActiveX control when processing malformed arguments passed to the "AddPictureNoAlbum()" method, which could be exploited by remote attackers to execute arbitrary commands via a specially crafted web page.



The second vulnerability is due to a buffer overflow error in the YGPPDownload ActiveX control when processing a malformed "downloadFileDirectory" property, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a malicious web page.



Affected Products



AOL version 9.0 and prior

AOL version 9.0 (Security Edition) and prior



Solution



Log in to the AOL service to apply patches automatically:

http://free.aol.com/downloadaol